Security firmCheck Point has demonstrated an Apple vulnerability in the industry-standard SQLite database format which can be exploited. Speaking at Def Con 2019, the company showed the technique being used to manipulate Apple’s iOS Contacts app. Searching the Contacts app under these circumstances can be enough to make the device run malicious code.

“SQLite is the most wides-spread database engine in the world,” said the company in a statement. “It is available in every operating system, desktop and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite.”

Analyst Take: Apple has long enjoyed a reputation of having the most secure devices. Part of this had to do with the relatively small number of devices employed (Mac vs. PC), and part of it also seemed to be related to the company having an extremely rigid quality control philosophy that meant flaws in hardware and vulnerabilities in software were weeded out before devices were brought to market, and if by some unknown reason they made it to market they were fixed quickly.

The vulnerability discovered here adds another black eye to Apple’s growing list of woes that now further damages its secure reputation.

Perhaps one of the most alarming things about the discovery is that the hack was exploited because of a KNOWN bug allowing using 4-year old vulnerabilities in SQLite, to force an application to run malicious code. Check Point showed how the contacts app could be forced to shutdown, but this was the G rated addition as the same code could easily have been used to steal passwords.

Before panic takes over on this one, I want to point out that for this particular vulnerability to be exposed at this time, someone would have to have access to the physical device, which obviously makes it a lot less scary for the 1.4 billion or so iPhones and iPads that are effected by this issue. However, like many security flaws, they can certainly morph into something worse, so I’m watching Apple closely on this one to see how they react now that it has been exposed. Continuing to leave a known issue like this unsettled is not a good reflection on Apple. It’s also worth noting that Apple has recently seensecurity flaws in iMessage that don’t require device access meaning this isn’t necessarily an isolated event.

I believe the days of Apple having a massive gap from the competition in virtually anything technology related are over. Security and privacy , which have enjoyed a relatively sterling reputation among consumers, have been exposed over the past several weeks. It’s critical for Apple to get these areas in order as the last thing the company needs is a massive hack or data breach to cement their reputation as the same as others when it comes to security.

Daniel Newman is the Principal Analyst of Futurum Research and the CEO of Broadsuite Media Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise. From Big Data to IoT to Cloud Computing, Newman makes the connections between business, people and tech that are required for companies to benefit most from their technology projects, which leads to his ideas regularly being cited in CIO.Com, CIO Review and hundreds of other sites across the world. A 5x Best Selling Author including his most recent “Building Dragons: Digital Transformation in the Experience Economy,” Daniel is also a Forbes, Entrepreneur and Huffington Post Contributor. MBA and Graduate Adjunct Professor, Daniel Newman is a Chicago Native and his speaking takes him around the world each year as he shares his vision of the role technology will play in our future.

Join 55,000 other Business + Tech Leaders

Get industry news, business insights, and the information you need delivered straight to your inbox.

Why join our email list? Get important insights straight to your inbox, receive first looks at eBooks, exclusive invitations to Webinars, and access to reports before public release. We promise not to spam you or sell your name to anyone. You can always unsubscribe from our content at any time.